Live Chat Unlimited v2.8.3 Stored XSS Injection - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1642020 漏洞类型
发布时间 2019-06-25 更新时间 2019-06-25
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019060165
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*!
* ::- Title: Live Chat Unlimited v2.8.3 Stored XSS Injection
* ::- Author: m0ze
* ::- Date: 2019/06/25
* ::- Software: Live Chat Unlimited v2.8.3
*/
  
::- Details & Description -::
~ Weak security measures like bad input field data filtering has been discovered in the «Live Chat Unlimited». Current version of this premium WordPress plugin is 2.8.3.

::- Demo Website -::
~ https://codecanyon.net/item/wordpress-live-chat-plugin/3952877
~ Frontend: https://screets.com/

::- Special Note -::
~ 7.602 Sales, $75

::- Google Dork -::
~ inurl:"wp-content/plugins/screets-lcx"

::- PoC Links -::
~ -

::- PoC [Stored XSS Injection] -::
~ Go to the demo website https://screets.com/try/lcx/night-bird/ and open chat window by clicking on «Open/close» link, then click on «Online mode» to go online. Use your payload inside input field and press [Enter]. Provided exaple payloads working on the admin area, so it's possible to steal admin cookies or force a redirect to any other website.
~ Example #1: <!--<img src="--><img src=x onerror=(alert)(`m0ze`)//">m0ze
~ Example #2: <!--<img src="--><img src=x onerror=(alert)(document.cookie)//">m0ze